- Read the docs - I know this sounds tired, but yes, read the docs. If you sign up for an exchange, read the user-agreement, fee-schedule, terms-of-use. Yes... really read it. You will find out all the stuff like "WTF, they can freeze my account".
- Calculate costs at the confirmation screen - Whether you are using a wallet or an exchange, most "good" ones will give you a confirmation screen before your FIAT or currency is spent. Take time to actually examine it insanely closely. You may find that you are paying 10% or 20% more than other sites, and a common ploy is to jump the price in the confirmation screen. So all may be good until that last screen where the amount you get to buy suddenly drops.
- Get a Yubikey (or U2F device) - Seriously, please STOP using Google Authenticator or SMS / Email based 2FA. All of these can either be phished or are dependent on outside security (email or phone). Hardware-2FA like Yubikey are completely independent and light years ahead of stuff like Authenticator. They usually only cost $20, and if you buy two, you can have redundancy against loss or damage.
- Get a firewalled bank account - If you live in the US, bank accounts are often free. Seriously consider having a dedicated banking account just for funding your exchange. ONLY link your exchange to this isolated bank account, and don't hold most of your savings in it. If / when your exchange account is hacked the first thing done is usually to empty any linked bank or credit card.
- Encrypt your phone and hard drive - If you think throughout your life, there are many occasions where strangers have access to your phone. Valet parking, car crash, hospital visit, bag at gym. If you hold crypto on an unencrypted phone it is simple for them to swipe the phone and image the NAND. Even if they don't have your unlock pin, if the storage is unencrypted it is simple to pull data off of it.
- Get a ProtonMail (or Tutanota) account - Even with hardware-2FA, there are dangers of your exchange account getting compromised through your email. Usually this takes the form of a "lost 2FA" request that some exchanges (coinbase) will interpret as a "remove security" request. Safest to simply ensure that your email never gets hacked, reducing the chance of this risk bleeding into your exchange. Unfortunately email like Google (gmail) or Apple (icloud) are used with many services and if any one of those gets compromised your email could fall victim. Best to have a crazy paranoid, hyper secure, single use email linked to your exchange. ProtonMail and Tutanota are two such services. All communication (except subject) is 100% encrypted in transit and at rest.
- Log out of any site you log into - If an attacker doesn't compromise your account through your email, the next best way is to steal your browser cache. The cache will hold cookies that will likely still have active session tokens. Some exchanges (coinbase) will allow a user to log into the exchange with the cookie even without passing the 2FA challenge, and sometimes even without presenting a password. Easiest way to clear session tokens is to log out of every site before you leave it. A better way is to do exchange work in an incognito / private browser session.
- Use a password manager - You should use a unique randomly generated user-id and random password for all sites. Using the same user-id or same password on Coinbase and BitcoinTalk means that if either of those are hacked, both of them become vulnerable. Password managers make it easy to randomly generate a user-id / pw for every site, and easy to keep up with them.
- Learn how to use GPG - Cryptocurrency is about cryptography, and among the original cryptography products were PGP and GPG. Many wallets that you download today will offer a GPG signature validation. You should always perform this validation when available. What's more, learning GPG will help you understand some of the workings of cryptography from a very high level. If you use ProtonMail, you will automatically get a GPG key generated at the account setup.
- Get a hardware wallet - Finally, if you ever decide to hold your coins outside of an exchange, you should probably do so with a hardware wallet. Many of these wallets will offer multi-use mode where they can do the function of #3, #5, #8, and #9 in them. Though some prefer to use them in single-use mode (BTC only) to have a smaller attack surface. Regardless, in the broader context, a HW-wallet is almost always worth the investment.
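
For the GPG signature validation mentioned in the "Learn how to use GPG" tip, here is an added example (not part of the original post) of checking a downloaded wallet against its detached signature while pinning the signer's fingerprint. The function names, file names and keys are hypothetical and constructed; it assumes GnuPG 2.1 or later and that the real fingerprint is taken from the wallet vendor over a separate channel.

```bash
#!/usr/bin/env bash
# verify_release FILE SIG FINGERPRINT
# Succeeds only when SIG is a valid detached signature over FILE and was made by
# the key whose primary fingerprint is FINGERPRINT. gpg alone prints "Good
# signature" for any key in the keyring, so the fingerprint is pinned explicitly.
verify_release() (
    # Accept the fingerprint as sites usually print it: grouped, any case.
    want=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
    # --status-fd 1 gives machine-readable lines; non-zero exit means bad/unknown.
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || exit 1
    # The last field of the VALIDSIG line is the signer's primary key fingerprint.
    got=$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $NF; exit }')
    [ -n "$got" ] && [ "$got" = "$want" ]
)

# Constructed demo in a throwaway keyring: every key and file here is made up.
demo() (
    GNUPGHOME=$(mktemp -d) && export GNUPGHOME && cd "$GNUPGHOME" || exit 1
    trap 'gpgconf --kill all 2>/dev/null; cd /; rm -rf "$GNUPGHOME"' EXIT
    g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@" 2>/dev/null; }
    fpr() { g --with-colons --list-keys "$1" | awk -F: '$1 == "fpr" { print $10; exit }'; }
    g --quick-generate-key 'Constructed Vendor <vendor@example.invalid>' ed25519 sign never || exit 1
    g --quick-generate-key 'Constructed Other <other@example.invalid>' ed25519 sign never || exit 1
    vendor=$(fpr vendor@example.invalid); other=$(fpr other@example.invalid)
    printf 'constructed wallet installer\n' > wallet.bin
    printf 'constructed modified installer\n' > evil.bin
    g -u "$vendor" --output wallet.bin.sig --detach-sign wallet.bin || exit 1
    g -u "$other"  --output evil.bin.sig   --detach-sign evil.bin   || exit 1
    # 1. Genuine file, genuine signature, pinned vendor key: accepted.
    verify_release wallet.bin wallet.bin.sig "$vendor" || exit 1
    # 2. Different bytes under the vendor's signature: rejected (BADSIG).
    verify_release evil.bin wallet.bin.sig "$vendor" && exit 1
    # 3. Valid signature, but from a key that is not the pinned one: rejected.
    verify_release evil.bin evil.bin.sig "$vendor" && exit 1
    exit 0
)
```

Calling `demo` exercises all three cases and returns 0 only if each behaves as commented.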